CVE-2024-36000
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
There is a recent report on UFFDIO_COPY over hugetlb:
https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/
350: lockdep_assert_held(&hugetlb_lock);
Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 79aa925bf239c234be8586780e482872dc4690dd < 4c806333efea1000a2a9620926f560ad2e1ca7cc | affected |
| Linux | Linux | 79aa925bf239c234be8586780e482872dc4690dd < f6c5d21db16a0910152ec8aa9d5a7aed72694505 | affected |
| Linux | Linux | 79aa925bf239c234be8586780e482872dc4690dd < 538faabf31e9c53d8c870d114846fda958a0de10 | affected |
| Linux | Linux | 79aa925bf239c234be8586780e482872dc4690dd < b76b46902c2d0395488c8412e1116c2486cdfcb2 | affected |
| Linux | Linux | f87004c0b2bdf0f1066b88795d8e6c1dfad6cea0 | affected |
| Linux | Linux | 5.9.7 < 5.10 | affected |
| Linux | Linux | 5.10 | affected |
| Linux | Linux | 0 < 5.10 | unaffected |
| Linux | Linux | 6.1.91 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.30 <= 6.6.* | unaffected |
| Linux | Linux | 6.8.9 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc
- https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505
- https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10
- https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2
References
- https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc
- https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505
- https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10
- https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.